Forward Data to Other Systems
Configure JSA to forward data to one or more vendor systems, such as ticketing or alerting systems.
You can also forward normalized data to other JSA deployments. The target system that receives the data from JSA is known as a forwarding destination. JSA ensures that all forwarded data is unaltered.
Forwarded normalized data must match or exist in both JSA deployments. Otherwise, the event might have an incorrect associated QID or remain unparsed. This data includes QIDs, custom log source types, custom properties, event ID, and event category expressions. To prevent synchronization issues, forward the events by using raw format.
To avoid compatibility problems when you send event and flow data, ensure that the deployment that receives the data is the same version or higher than the deployment that sends the data. Forward data by using the following workflow:
1. Configure one or more forwarding destinations.
2. To determine what data you want to forward, configure routing rules, custom rules, or both.
3. Configure the routing options to apply to the data.
For example, you can configure all data from a specific event collector to forward to a specific ticketing system. You can also bypass correlation by removing the data that matches a routing rule.